Mozilla has submitted an official appeal to the Ministry of Science, Innovation and Technology of the United Kingdom (DSIT), in which it opposed restricting VPN services as a measure to combat the circumvention of age checks. The organization warns that attempts to regulate anonymization tools will not solve the problem of children accessing unwanted content, but will harm the privacy and security of millions of users. There is still no direct ban on VPNs in the UK; however, a discussion about possible restrictions — from age verification when connecting to a VPN to a complete ban for minors — is already underway at the level of government consultations.

What’s happening: regulatory pressure in context

After the Online Safety Act came into force in 2025, adult-content websites in the UK reportedly began requiring mandatory age verification — via identity documents, bank card data, or facial recognition systems. User reaction was predictable: according to industry sources, the number of VPN downloads in the country has grown significantly. People chose to use VPNs rather than hand over sensitive personal data to third-party sites.

Against this backdrop, regulators’ attention has shifted to VPN services themselves. According to available information, Children’s Commissioner for England Rachel de Souza has proposed restricting the use of VPNs by minors. Various options are being discussed — from introducing age checks when connecting to a VPN to a complete ban for those under 18. However, it should be emphasized that no official bills or regulatory acts enshrining these measures have been adopted as of the publication date.

Mozilla’s arguments: data versus policy

Mozilla’s position rests on several key points, backed by references to independent research.

VPNs are not just a circumvention tool, but a basic element of security. Mozilla’s public policy manager Svea Windwehr stated that VPNs are “a critically important tool for ensuring the privacy and security of users of all ages.” VPNs are used to protect traffic on public Wi‑Fi networks, enable remote work, counter tracking, and bypass censorship in countries with limited internet freedom.

Children rarely use VPNs to bypass restrictions. Mozilla cites research by the organization Internet Matters, according to which only 8% of children use VPNs. Of these, 66% do so to protect their personal data rather than to circumvent age checks. Teenagers much more often resort to simpler methods: entering a false date of birth, using other people’s accounts, or exploiting weaknesses in the verification systems themselves. A telling example: according to The Register, some facial recognition systems have been fooled with the help of drawn‑on moustaches.

Age verification for VPNs is a paradox. If the authorities require age checks when connecting to a VPN, users will be forced to hand over personal data to services whose primary task is to minimize data collection. This is a fundamental contradiction that undermines the very trust model on which VPNs are built.

Impact assessment: who will be affected

Potential VPN restrictions would affect several categories of users:

• Remote workers and the corporate sector — VPN is a standard tool for secure access to corporate resources. Any restrictions would create legal uncertainty for businesses.
• Journalists and activists — for whom VPNs serve as a means of protecting sources and safeguarding freedom of speech.
• Everyday users — who use VPNs for protection on public networks, during online banking, and to counter advertising tracking.
• Browser developers — Mozilla notes that VPN functions are already being tested as built‑in components of Firefox, and a similar trend is observed in other browsers. Regulators would have to fight not with standalone applications, but with core functionality of the modern web.

Mozilla characterizes the approach of the UK authorities with the formula “safety through surveillance”. The organization believes that instead of total user monitoring, regulators should focus on recommendation algorithms, engagement mechanics, and the architecture of the platforms themselves, which generate most of the online risks for children.

Practical recommendations

For VPN users in the UK:

• At the moment, using a VPN in the UK is legal. There is no direct ban, and the discussion is still at the consultation stage.
• Choose VPN providers with transparent privacy policies and a jurisdiction that does not require log retention.
• Keep an eye on regulatory initiatives from DSIT and Ofcom — specific measures may be proposed following the current consultations.

For organizations:

• Assess how dependent your corporate infrastructure is on VPNs and prepare arguments for possible regulatory inquiries.
• Take part in DSIT public consultations — Mozilla’s appeal shows that the industry’s voice can influence policy formation.

The situation around VPNs in the UK is an indicator of a broader trend: governments are looking for ways to control privacy tools under the pretext of protecting children. Data from Internet Matters show that VPNs are far from the main way to circumvent age checks, meaning that restricting VPNs would harm the security of adult users without solving the stated problem. Organizations and individuals who rely on VPNs should already be monitoring the outcome of DSIT consultations and be ready to take part in public debate if the proposals move into the bill stage.